Late Night Flashback: The Ventures - Walk Don't Run

TSA Puts Gags on Airline Ticket Agents

In typical government fashion, the Transportation Security Administration (TSA) is blaming somebody else for problems it created.

As reported in USA Today, and shown on CNN this week, the TSA is telling airline ticket agents to keep their mouths shut and not to inform passengers that they are on the TSA terrorist watch list, or the airline they work for will be subject to a $25,000 fine if they do.

This seems to be a semantics word game TSA has been playing recently, especially after CNN reporter Drew Griffin reported that he found himself on the TSA's terrorist watch list soon after doing a report that was critical of the Federal Air Marshal Service.

When grilled by Congresswoman Sheila Jackson-Lee recently in a congressional hearing, DHS Secretary Michael Chertoff stated, "It is not my understanding that the reporter was put on the list, he may share the name with someone who was put on . . . we do have circumstances where we have name mis-matches."

But wait, if there were "mis-matches" of the names, then Drew Griffin and all of the other passengers on the terrorist watch list wouldn't be complaining. The problem is, their names are matching the names on the watch list -- not mis-matching. If Secretary Chertoff cannot even understand this basic concept, then we are all in trouble.

The private details of up to 10,000 Trade Me users - described as a "shopping list for criminals" - have been released by police to prison inmates.

Police investigating the so-called terror raids last year obtained the information of the innocent traders as evidence. They then passed the disclosure material to defence lawyers and, in one case, to the prison cell of Jamie Lockett.

One of the "Urewera 16" arrested on firearms charges, Lockett received 16 boxes containing 24,000 pages of information relating to the police case against him, according to this week's Listener.

One of the boxes contained the personal details of up to 10,000 Trade Me customers, including their name, user name, personal email address, phone numbers, home address and trading history over the past five years.

Ticket Scam Hits Olympics

Olympic officials have turned to the federal courts in a bid to shut down two online companies suspected of stealing money, credit card information and passport numbers from hundreds of people who thought they were buying scarce tickets to prime events in Beijing.

The International Olympic Committee and the U.S. Olympic Committee won a restraining order July 23 in federal court in Phoenix that shut down one of the websites, www.beijing-tickets2008.com. On Monday, the USOC and IOC plan to ask a federal judge in San Francisco for an order that would shut down www.beijingticketing.com, which remained active Friday.

Attorneys for the IOC and USOC have been in touch with authorities, and "it is our understanding that there are discussions ongoing within law enforcement as to whether the FBI will become involved," said USOC General Counsel Rana Dershowitz.

Officials said they did not know for certain whether the operators of beijing-tickets2008 were out of business, or had simply shifted to a new online address. Both companies appeared to have been operating several related websites promising to deliver hard-to-find Olympics tickets.

The websites lured people in large part by their extensive -- and allegedly illegal -- use of logos that look very similar to the official Olympic ones. The websites' names also helped them appear atop search engine results.

Hawaii Man Accused of Helping China Design Missile

Cheryl Gowadia couldn't figure out why FBI agents in riot gear, guns drawn, were storming her home on Maui's tranquil North Shore. At first, she thought they might be after the man building a pond in her backyard. Instead, she was stunned to learn they wanted to question her husband, a former B-2 stealth bomber engineer.

A week later, on Oct. 13, 2005, agents arrested Noshir Gowadia, a native of India who received a Ph.D. at 15, on suspicion he sold military secrets to China.

Maui is an unlikely place for a spy saga, a mostly rural island of 140,000 known more for big-wave surfing and five-star resorts.

The case comes amid growing U.S. concern about Chinese spying and enhanced prosecution efforts across the country.

Firewall Vendors Scramble to Fix DNS Problem

Nearly a month after a critical flaw in the Internet's Domain Name System was first reported, vendors of some of the most widely used firewall software are scrambling to fix a problem that can essentially undo part of the patches that address this bug.

The DNS flaw affects server software made by many vendors, including Microsoft, Cisco Systems, and the Internet Systems Consortium.

Some firewall software undoes a source port randomization feature that was introduced in the DNS patches. While this change doesn't completely negate the DNS patch, it could make it easier for attackers to pull off a cache-poisoning attack against the DNS server, security experts say.

This could lead to virtually undetectable phishing attacks against users of those DNS servers.

U.S. Toll in Iraq, Afghanistan

As of Friday, Aug. 1, 2008, at least 4,127 members of the U.S. military have died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,362 died as a result of hostile action, according to the military's numbers.

The AP count is two fewer than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Friday, Aug. 1, 2008, at least 491 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Saturday at 10 a.m. EDT.

Black Hats and Cold War

What you can’t see can hurt you -- and most likely, it already has. By now, your credit card number is probably sitting somewhere on a crime server, either already compromised or ripe for the picking. But since we don’t actually see this happen nor can we put a face to the perpetrators, it’s easy to dismiss the threat or ignore it altogether -- until we feel it in our wallets.

The stakes are higher than a compromised credit card account, however. There’s a cyberspace Cold War going on right now between the U.S. and two countries-who-must-not-be-named (two guesses), according to a commissioner on the Commission on Cyber Security for the 44th Presidency, which is working on policy, research, and technology recommendations for the next administration to combat cybercrime and cyber warfare.

FBI: Flash Drive Used to Steal Countrywide Customer Data

Struggling home mortgage lender Countrywide, already hit hard by the lending crisis and an investigation into potential fraud at the company, now faces another crisis: One of its former employees has been charged for allegedly stealing personal information about customers.

Rene Rebollo was arrested on Friday by agents with the Federal Bureau of Investigation (FBI) in California, who say he stole and then sold personal information about Countrywide customers throughout the country over a two-year period.

Rebollo worked as a senior financial analyst for Countrywide Home Loan's subprime mortgage division, where he had access to Countrywide databases containing customer data, according to the complaint against him. Using his computer at work, he saved the customer data onto his own flash drives to remove it from the office, the FBI alleges. About a month ago, during an interview by FBI agents, Rebollo admitted he gave out the account information to third parties, according to the complaint.

Rebollo lost his job with Countrywide in July.

Another man, Wahid Siddiqi, was arrested for allegedly buying the stolen data and also selling it.

Apple Security Patch Flubs DNS Fix

Apple on Thursday released Security Update 2008-005, a collection of 17 fixes for security vulnerabilities in its Mac OS X operating system.

Among the fixes is what looks to be a patch for the DNS cache poisoning vulnerability that security experts spent most of July warning about.

But according to security researcher Swa Frantzen from the SANS Internet Storm Center, Apple's fix hasn't quite done the trick.

"Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness," said Frantzen in a blog post.

The issue appears to be that despite Apple's patch, BIND under OS X is incrementing the ports it uses to communicate DNS information in a predictable pattern.

"In analyzing whether Comcast violated federal policy when it blocked access to certain applications, we conduct a fact-specific inquiry into whether the management practice they used was reasonable," FCC commissioner Kevin Martin said. "Based on many reasons, including the arbitrary nature of the blocking, the lack of relation to times of congestion or size of files, and the manner in which they hid their conduct from their subscribers, we conclude it was not."

The commission concluded that Comcast had interfered with internet users' right to access the internet and to use applications of their choice. The commission said Comcast monitored the content of its customers' internet connections and selectively blocked peer-to-peer connections.

Note: So where are the reporting conflicts? Well, earlier, "..The International Olympic Committee and the Chinese organizers BOCOG have agreed to lift all Internet restrictions for media covering the Beijing Games, the IOC told Reuters on Friday." Details here.

I guess they just haven't gotten around to removing the access restrictions yet.

Thursday, July 31, 2008

China Hits Back at U.S. Senator's Spying Claims

China's Foreign Ministry brushed off but did not specifically deny accusations that Chinese authorities are forcing foreign hotel chains operating here to install Internet eavesdropping devices ahead of the Olympics.

"Those accusations are unfair," the state-run Xinhua News Agency quoted Foreign Ministry spokesperson Liu Jianchao as saying at the ministry's biweekly press conference Thursday. "Privacy is respected and guaranteed in China. China's security measures in hotels and other public places are not beyond the internationally, generally used measures," he said.

On Tuesday, Kansas Senator Sam Brownback accused China again of ordering foreign hoteliers to permit the Public Security Bureau, China's police, to deploy Internet monitoring hardware and software. "The Chinese government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying," he said in a statement. "This means journalists, athletes' families and other visitors will be subjected to invasive intelligence gathering by the Chinese Public Security Bureau."

Federal agents may take a traveler's laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

Also, officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.

"The policies . . . are truly alarming," said Sen. Russell Feingold (D-Wis.), who is probing the government's border search practices. He said he intends to introduce legislation soon that would require reasonable suspicion for border searches, as well as prohibit profiling on race, religion or national origin.

DHS officials said the newly disclosed policies -- which apply to anyone entering the country, including U.S. citizens -- are reasonable and necessary to prevent terrorism. Officials said such procedures have long been in place but were disclosed last month because of public interest in the matter.

'Anthrax Scientist' Commits Suicide As FBI Closes In

A top U.S. biodefense researcher apparently committed suicide just as the Justice Department was about to file criminal charges against him in the anthrax mailings that traumatized the nation in the weeks following the Sept. 11, 2001, terrorist attacks, according to a published report.

The scientist, Bruce E. Ivins, 62, who worked for the past 18 years at the government's biodefense labs at Fort Detrick, Md., had been told about the impending prosecution, the Los Angeles Times reported for Friday editions. The laboratory has been at the center of the FBI's investigation of the anthrax attacks, which killed five people.

Ivins died Tuesday at Frederick (Md.) Memorial Hospital. The Times, quoting an unidentified colleague, said the scientist had taken a massive dose of a prescription Tylenol mixed with codeine.

Black Hat Talk on Apple Encryption Flaw Pulled

A security researcher who was set to speak at the Black Hat hacker convention in Las Vegas next week on a previously undiscovered flaw in Apple's FileVault encryption system has canceled his talk, citing confidentiality agreements with the Cupertino computer maker.

Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac. But sometime last week, Black Hat organizers pulled his name and presentation listing from its schedule of talks.

Contacted via cell phone, Edge said he signed confidentiality agreements with Apple, which prevent him from speaking on the topic and from discussing the matter further.

House Republicans on the intelligence committee walked out of a Thursday morning briefing by the national intelligence director, Mike McConnell, on the order to protest what they consider the White House's pattern of disrespect for congressional oversight.

The committee believes it has not been consulted or informed about critical intelligence matters. These include the executive order; Israel's bombing of an alleged Syrian nuclear facility last summer; changes in U.S. intelligence on Iran; the administration's warrantless wiretapping program; and the CIA's destruction of interrogation videotapes.

"This president is making it impossible for Congress to do oversight of the intelligence community," the committee's top Republican, Rep. Peter Hoekstra of Michigan, told The Associated Press. "The only effective oversight that can be done is out of the executive branch. And this is the fox guarding the chicken coop."

Black Hat: A Photo That Can Steal Your Facebook Account

At the Black Hat computer security conference in Las Vegas next week, researchers will demonstrate software they've developed that could steal online credentials from users of popular Web sites such as Facebook, eBay and Google.

The attack relies on a new type of hybrid file that looks like different things to different programs. By placing these files on Web sites that allow users to upload their own images, the researchers can circumvent security systems and take over the accounts of Web surfers who use these sites.

"We've been able to come up with a Java applet that for all intents and purposes is an image," said John Heasman, vice president of research at NGS Software.

They call this type of file a GIFAR, a contraction of GIF (graphics interchange format) and JAR (Java Archive), the two file-types that are mixed. At Black Hat, the researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack.

U.S. Navy Partially Spares Moffett Field's Hangar One

Hangar One, the onetime airship station that has long symbolized California's Silicon Valley, won't be destroyed after all. The US Navy will allow it to stand - without its clothing.

More than two years ago, the Navy designated Hangar One for demolition, after discovering that the mammoth Mountain View landmark was poisoning nearby wetlands. But some feisty blimp garage lovers fought to save the structure, and yesterday, as reported by the San Jose Mercury News, the Navy said it will leave the hangar's steel skeleton in place while removing its toxic siding.

U.S. Homeland Security Stays Mum on New 'Cyber Security' Center

The Bush administration's newly-created National Cyber Security Center remains shrouded in secrecy, with officials refusing to release information about its budget, what contractors will run it, and how its mission relates to Internet surveillance.

In correspondence with the U.S. Senate posted on Thursday, the Bush administration said it would not provide that information publicly. An 18-page, partially redacted letter [.pdf] from DHS said that disclosure could affect "the conduct of federal programs, or other programs or operations essential to the interests of our nation."

The censored letter -- a non-redacted, "For Official Use Only" version was provided to senators -- came in response to queries from the top Democratic and Republican members of the Senate's Homeland Security committee.

Toon of The Day: McCain's Journeys

U.S. Intends to Remain in Full Control of Internet Root Zone, Says Letter from NTIA

In a letter sent to ICANN by a bureau of the U.S. Department of Commerce, the National Telecommunications and Information Administration (NTIA), the department has made it clear that despite recent discussions in Paris meetings, it intends to remain in full authority over the Internet root zone.

"The Department believes strongly that it is important to clarify that we are not in discussions with either party to change the respective roles of the Department, ICANN or VeriSign regarding the management of the authoritative root zone file, nor do we have any plans to undertake such discussions," says Meredith Baker, NTIA's acting assistant secretary for communications and information. "Consistent with public statements made by the United States government starting in 2000 and reinforced by the 2005 U.S. Principles on the Internet's Domain Name and Addressing System, the Department, while open to operational efficiency measures that address governments’ legitimate public policy and sovereignty concerns with respect to the management of their ccTLD, has no plans to transition management of the authoritative root zone file to ICANN as suggested in the PSC documents."

Shocker: Republican House Leader Blasts FCC Ahead of Comcast Vote

On the eve of the Federal Communications Commission's expected vote to punish Comcast for blocking peer-to-peer traffic on its network without properly informing subscribers, the agency is taking some fire from Congress.

In a letter sent today to FCC Chairman Kevin Martin, House Minority Leader John Boehner (R-Ohio) questioned the commission's legal authority to intervene and argued that the unregulated market is moving to solve the problem of network management.

The expected vote at tomorrow's FCC meeting stems from Comcast's blocking of peer-to-peer traffic from BitTorrent, and its alleged failure to provide adequate notification to its subscribers.

U.S. Military Base Guards Not Properly Screened

The Army can't verify that all of the civilian security guards it hires to protect military bases have been screened for criminal records, records show.

Congress mandated two years ago that the Army conduct thorough criminal background checks and give proper training to base security guards, but declassified Pentagon records show that two years after the new requirements, the Army couldn't say if a majority of the guards were in compliance, the Deseret News in Salt Lake City reported Wednesday.

The newspaper said it obtained a declassified report through the Freedom of Information Act revealing that a recent inspection found many of the same problems, including at Utah's Tooele Army Depot. Some bases, it said, also failed to conduct required secret tests to see if guards could find fake IDs or simulated car bombs.

Northrop Grumman Files Protest Over TSA Infrastructure Decision

Northrop Grumman Corp. is protesting the Transportation Security Administration’s decision not to consider the company a finalist for a $2 billion contract.

TSA announced in late June that Computer Sciences Corp., General Dynamics Corp. and Lockheed Martin Corp. were qualified to continue bidding on the Information Technology Infrastructure Program contract. In addition, CACI International Inc. is qualified as a subcontractor to CSC.

Unisys Corp., the incumbent on the contract, filed its own protest earlier but it did not make the cut for the final competition. Unisys won the contract in 2002, shortly after TSA was formed.

New Yorker Gets 30 Months For Bogus Cisco Gear

A hardware reseller from New York state has been sentenced to two-and-a-half years in prison for passing off cheap Chinese networking gear as genuine Cisco products.

Charles Lacy-Thompson, 52, of Briarcliff Manor, New York, was also ordered to pay $2.2m in restitution and forfeiture of profits, according to the US Attorney's office in the southern district of New York.

Security Fix: U.S. Senate Approves Bill to Fight Cyber-Crime

The Senate on Wednesday passed legislation to modernize the nation's computer crime laws and give prosecutors more leeway in pursuing cyber crooks.

Under current federal cyber-crime laws prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. Under the bill approved today, that threshold would be eliminated.

Instead, the legislation would make it a felony to install spyware or keystroke-monitoring programs on 10 or more computers regardless of the amount of damage caused.

This change is important because most of today's cyber criminals break into thousands of computers at a time, but seldom inflict $5,000 worth of damages on any one individual. Moreover, while most commit their crimes by tunneling their connections through hacked computers, the crooks may never damage the PCs they are using as a proxy or try to steal personal and financial data from victims.

NASA Spacecraft Confirms Martian Water, Mission Extended

Laboratory tests aboard NASA's Phoenix Mars Lander have identified water in a soil sample. The lander's robotic arm delivered the sample Wednesday to an instrument that identifies vapors produced by the heating of samples.

"We have water," said William Boynton of the University of Arizona, lead scientist for the Thermal and Evolved-Gas Analyzer, or TEGA. "We've seen evidence for this water ice before in observations by the Mars Odyssey orbiter and in disappearing chunks observed by Phoenix last month, but this is the first time Martian water has been touched and tasted."

With enticing results so far and the spacecraft in good shape, NASA also announced operational funding for the mission will extend through Sept. 30. The original prime mission of three months ends in late August. The mission extension adds five weeks to the 90 days of the prime mission.

"Phoenix is healthy and the projections for solar power look good, so we want to take full advantage of having this resource in one of the most interesting locations on Mars," said Michael Meyer, chief scientist for the Mars Exploration Program at NASA Headquarters in Washington.

UK: Only Those Convicted Should Be On DNA Database, Says Panel

An inquiry panel established by a Government advisory body has recommended that many of the records on the UK's DNA database, the biggest in the world, be deleted. A ruling is still awaited from the European Court of Human Rights (ECHR) on the issue.

More than 6% of the UK population is on the DNA database, the highest proportion in the world. In England and Wales anyone detained by police on suspicion of a wide variety of offences can have DNA material added to the database even if they are never charged or convicted of a crime.

Government advisors the Human Genetics Commission (HGC) established a panel of 30 people to investigate the database. The panel, called a 'citizens' inquiry', could call expert witnesses, take evidence and direct their own six week period of research.

It concluded that the database should not hold the DNA of people who have not been convicted of a crime, and that data on people who were convicted should be held for a length of time proportionate to their sentence.

Hungarian Customs Zeroes In On Bank-Robbing Computer Hackers

The Hungarian Customs and Finance Guard has recovered or accounted for some USD 1.5m stolen from a foreign financial institution in an attack by hackers as the money was laundered by a ring that included Hungarian citizens, the guard told MTI on Wednesday.

The money launderers transferred the money to bank accounts in Hungary and the accounts of off-shore companies. In the course of the investigation, they withdrew more than HUF 70m - or USD 500,000 - of the money in cash, the guard said.

The guard issued arrest warrants for three Hungarian citizens as a result of the investigation.

Bush Signs New Rules, Roles For Spy Agencies

President Bush approved an order Wednesday that rewrites the rules governing spying by U.S. intelligence agencies, both in the United States and abroad, and strengthens the authority of the national intelligence director, according to a U.S. official and government documents.

Executive Order 12333, which lays out the responsibilities of each of the 16 agencies, maintains the decades-old prohibitions on assassination and using unwitting human subjects for scientific experiments, according to a power point briefing given to Congress that was reviewed by The Associated Press. The CIA notoriously tested LSD on human subjects in the 1950s, which was revealed by a Senate investigation in 1977.

The new order gives the national intelligence director, a position created in 2005, new authority over any intelligence information collected that pertains to more than one agency — an attempt to force greater information exchange among agencies traditionally reluctant to share their most prized intelligence. The order directs the attorney general to develop guidelines to allow agencies access to information held by other agencies. That could potentially include the sharing of sensitive information about Americans.

Quote of The Day: Kevin Poulsen

"According to his lawyers, the United States offered McKinnon a deal of six months to a year in U.S. federal custody, followed by repatriation by the U.K., where he'd be eligible for parole after six months. McKinnon turned it down, then went running to the U.K. courts whining that the big bad Americans were trying to extort him into pleading guilty. You think? That's what a plea bargain is, slick."

HD Moore: Hackers Start DNS Attacks

Hackers are now actively exploiting a critical flaw in the Domain Name System, but they're not using any of the already known exploits, said a researcher who crafted the first attack code to go public.

"We're seeing an entirely new technique," said HD Moore, the creator of the Metasploit penetration-testing framework, who with a hacker identified as "I)ruid" published exploits last week for the vulnerability in the Internet's routing system.

Late yesterday, Moore reported that he had found a compromised DNS server operated by AT&T Inc. when employees at his company, BreakingPoint Systems Inc., realized that they were being shunted to a bogus version of Google.com. Since then, Moore said today, he has heard from others who also reported redirects from hacked DNS servers. "They're saying, 'We've seen the same thing,' so now we're trying to figure out if we're seeing attacks on a wide scale or not."

Moore said the exploit that successfully attacked the AT&T server was not the same as the Metasploit attack code that he and I)ruid wrote, nor were any of the other public exploits.

SCADA Watch: SCADA Security Incidents Will Become More Prevalent

Lumeta today warned that, as industries connect their previously isolated Supervisory Control and Data Acquisition (SCADA) systems to their larger TCP/IP networks to gain better accessibility and to lower costs, they will also potentially subject these critical industrial controls to higher security risks.

As connectivity becomes ever more ubiquitous throughout organizations, it is certain that more SCADA security incidents will occur and, given how much of the world's infrastructure they control, they could potentially have serious repercussions.

U.S. To Pilot Internet Travel Authorisation Program

The United States will launch a pilot scheme on Friday which will require travellers covered by its visa waiver programme to get prior Internet authorisation before boarding flights to America.

US officials outlining the Electronic System for Travel Authorisation (ESTA) denied it would amount to reintroduction of visas - a concern voiced in the European Union - even though fees might be charged for the process in future.

"The ESTA is not a visa," Jackie Bednarz, attache for the US Department of Homeland Security, told a news briefing in Brussels on Monday. "It's very different in our minds."

Advocacy Groups Win One on White House E-mail

A U.S. District Court yesterday quashed an effort by the Department of Justice (DoJ) to fight legal action related to missing White House e-mails.

The DoJ, which is representing the White House, had disapproved of the court's previous recommendation on e-mail preservation in the Executive Office of the President (EOP). The court had advised the EOP to search desktops and movable media used between March 2003 and October 2005 for missing e-mails.

Yesterday's decision by Magistrate Judge John M. Facciola is a small victory for two advocacy groups seeking to preserve White House e-mail. It's a minor setback for the DOJ that has consistently fought legal action related to missing e-mails and initiating new preservation processes.

Gary McKinnon Loses Extradition Appeal

A British man who hacked into computers at the Pentagon will face trial in the US after the law lords ruled that he should be extradited.

At the House of Lords this morning, Gary McKinnon, 42, was told that his appeal against extradition would not be granted.

McKinnon, an unemployed computer systems administrator from north London, invaded computer systems belonging to the US military in 2001 – shortly after the attacks on the World Trade Center and the Pentagon.

He said he was merely searching for evidence of extraterrestrial life, but American officials labelled him the world's most dangerous hacker and accused him of deleting important files and causing hundreds of thousands of dollars' worth of damage.

IOC Admits Internet Censorship Deal With China

Some International Olympic Committee officials cut a deal to let China block sensitive websites despite promises of unrestricted access, a senior IOC official admitted on Wednesday.

Persistent pollution fears and China's concerns about security in Tibet also remained problems for organizers nine days before the Games begin.

China had committed to providing media with the same freedom to report on the Games as they enjoyed at previous Olympics, but journalists have this week complained of finding access to sites deemed sensitive to its communist leadership blocked.

Metasploit Creator a Victim of His Own Creation - UPDATE

That's hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack.

It happened on Tuesday morning, when Moore's company, BreakingPoint had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company.

When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.

Internet Censorship Plagues Journalists at Olympics

With the opening of the Beijing Olympic Games a mere 10 days away, members of the media have learned that there is at least one thing they can expect not to be open: the Internet.

Despite earlier assurances that journalists would have unfettered access to the Internet at the Main Press Center and athletic venues, organizers are now backtracking, meaning that the some 5,000 reporters working in Beijing during the next several weeks won't have access to a multitude of sites such as Amnesty International or any site with Tibet in the address, according to an Associated Press report.

When Chinese officials were bidding for the right to hold the games seven years ago, they assured international organizers that there would be "complete freedom to report." In April, Chinese organizers told International Olympic Committee members that Internet censorship, which is routine for China's citizens, would be lifted for journalists during the games.

However, IOC members issued a clarification Tuesday, saying that Internet freedom applied only to Web sites related to "Olympic competitions." Some journalists expressed frustration at the slow download rates and even voiced suspicion that it was deliberate and intended to discourage use.

U.S. Senator: China Will Spy on Olympics Tourists

China has installed Internet-spying equipment in all the major hotel chains serving the 2008 Summer Olympics, a U.S. senator charged on Tuesday.

"The Chinese government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying," said Sen. Sam Brownback.

The conservative Republican from Kansas, citing hotel documents he received, added that journalists, athletes' families and others attending the Olympics next month "will be subjected to invasive intelligence-gathering" by China's Public Security Bureau. He said the agency will be monitoring Internet communications at the hotels.

Are Airport Kiosks Safe?

Airline travelers may want to think twice about swiping their credit cards at airport self-service check-in kiosks following the possible theft of credit card account numbers from the kiosks at Canada's largest airport in Toronto.

One Canadian airline, WestJet, already has suspended use of credit cards for check-in at the Toronto kiosks in the wake of the investigation by Visa and MasterCard, which was revealed last week. Fliers can still use the machines, but now must use other methods – by swiping frequent flier cards, entering confirmation codes or using their passports.

About 31 million passengers fly through Toronto’s Pearson International Airport every year, making the potential haul for credit card thieves able to access data entered into the 150 check-in kiosks enormous. But a possible kiosk-related heist raises questions about the security of the self-service machines at other airports, which are used by millions of travelers every day in the U.S. and elsewhere.

It's still unclear how thieves could have stolen credit card numbers from the kiosks. A Canadian government report is expected later this week.

U.S. Government Agencies Slow to Deploy Crypto

Following a slew of high-profile data breaches, U.S. government agencies have largely failed to roll out planned encryption deployments, leaving about 70 percent of their systems with unencrypted sensitive data, the Government Accountability Office stated in a recent report.

The report, highlighted in a statement released by the House Committee on Homeland Security on Monday, found that the lack of a specific requirement to encrypt sensitive data has led to spotty information security. The White House's Office of Management and Budget recommended in 2006 that all agencies encrypt data on laptop computers and mobile devices. In 2007, the OMB made encryption for such devices a requirement.

"Encryption is not an option, it is a mandate," Rep. Bennie G. Thompson, D-MS, chairman of the House Committee on Homeland Security, said in the statement. "Unfortunately, I’m not surprised that despite mandates by OMB, the Federal government is only 30 percent of the way there."

Security Fix: Three Quarters of Malicious Web Sites Are Hacked

Three-quarters of all Web sites that try to foist malicious software on visitors are legitimate sites that have been hacked, a report released today found. Even worse, most of these compromised sites are social networking communities and some of the Internet's most popular destinations.

Those numbers come from stats [.pdf] collected in the first six months of this year by Websense, an online security company that scans more than 40 million Web sites hourly for signs that they may have been compromised by hackers.

Websense found that 60 percent of the Top 100 most popular sites this year have either hosted malware or forwarded visitors to malicious sites. The company also says that nine out of 10 of those compromised sites were social networking or Web search sites.

Monday, July 28, 2008

California Man's Computer Used to Send Bomb Threat in India

A California man currently renting a home in India is caught in the middle of an investigation into a series of bombs that exploded in India this last weekend, according to the Associated Press.

The 48-year-old man hasn't been identified by police and is not currently a suspect.

An e-mail, which bore the subject line "Await 5 minutes for the revenge of Gujarat," was sent from the man's computer to several Indian television stations minutes before 16 bombs exploded in Ahmadabad, a city in the western Indian state of Gujarat. Police believe, however, that the message likely did not originate from the man's computer and that someone else -- presumably a hacker -- simply used his computer and Yahoo account to send it.

IBM ISS: Online Threats Materializing Faster

The bad guys on the Internet are narrowing the time frame they need to unleash computer attacks that take advantage of publicly disclosed security holes, new research shows.

More and more of these attacks are coming within 24 hours after a vulnerability is disclosed. That means security flaws are being exploited in Web browsers, computer operating systems and other programs before many people even have had time to learn there's a problem, according to IBM Corp.'s latest Internet Security Systems X-Force report.

The report, scheduled to be released Tuesday, looked at the first six months of 2008 and reflects two growing trends in Internet-based threats.

The first is that online criminals have latched on in a big way to programs that help them automatically generate attacks based on publicly available information about vulnerabilities. In the past they apparently spent more time finding such holes themselves, but no longer find that as necessary.

"The bad guys are not the ones actively finding vulnerabilities—they've shifted their business to standing on the shoulders of the security research community," Kris Lamb, operations manager for X-Force, said in an interview. "They don't have to do the hard work anymore. Their job is packaging what's been provided to them."

NIST Pilot Gives U.S. Agencies Experience With DNSsec

Like so many of the technical underpinnings of the Internet, the Domain Name System that translates names into IP addresses was not designed with adequate security. The DNS Security Extensions (DNSsec) for digitally signing and authenticating information has been developed to help fix that problem, and its use in government is likely to become more common.

In late 2006, new federal information security requirements called for agencies to use DNSsec signatures on DNS servers that are classified as moderate- or high-impact information systems. However, to date there has been little implementation of DNSsec in the .gov domain, said Doug Montgomery, manager of the Internet technical research group for the National Institute of Standards and Technology.

Korean Police Investigate Massive Leak of Personal Data

Police are investigating the leak of about 9 million items of personal information from the internet, allegedly obtained by a China-based hacker and misused by online Korean moneylenders.

Four private loan brokers in Seoul bought the stolen data for 15 million won ($14,900) from the hacker who allegedly broke into about 2,000 local websites in May 2006 using a computer program called "HDSI 2.0," the Seoul Metropolitan Police Agency said.

The suspects also resold the data to other loan businesses and mail-based marketing firms. They had raked in 220 million won from the sales between May 2007 and February 2008, police said.

A total of eight suspects were rounded up after the police crackdown from December 2007-February 2008. Two key suspects fled to China and police are tracing their whereabouts, officials said.

They also made random phone calls to encourage cash-strapped individuals to borrow money from private lenders. They collected fees amounting to 2.5 billion won [roughly US$2.48 million -ferg] from both lenders and borrowers, police said.

The Life and Background of Terry Childs

Prosecutors portray Terry Childs as an unstable, power-mad computer engineer who held hostage the San Francisco city network he had built and awaited its destruction as revenge on bosses he saw as inferiors.

To Childs' friends, some former colleagues and his younger brother, that view doesn't remotely resemble the 43-year-old Kansas native they know: a reliable, self-made professional who overcame a troubled childhood and a stint in state prison that started when he was just a teenager.

After years of study and hard work, they say, he landed a job building a network that handled San Francisco's payroll documents, law enforcement records and other sensitive information. He spent his nights and weekends building a system that he wanted to protect, not tear down, his defenders say.

All well and good, prosecutors counter. But why won't he simply come clean about everything he has done? What about the menacing encounters with bosses at work?